(54) Authentication system capable of maintaining security and saving expenses

(57) The communications terminal 1 has the individual ID 2 added in the process of manufacturing and the authentication server 3 connected to the communications terminal 1 via the communications network 6 registers personal information 4. Upon receiving a connection request from the communications terminal 1, the authentication server 3 requires the communication terminal 1 for transmission of ID 2. The authentication server 3 performs authentication of ID 2 transmitted from the communications terminal by determining if there is a match and provides services available when the ID 2 is authenticated.
Description

[0001] The present invention relates to an authentication system, and more particularly to an authentication system for preventing leakage of a user's information when the user performs electronic shopping and the like via a communications circuit (network) using a communications terminal.

[0002] Conventionally, a system in which a user sends notifications including a credit card number or personal information (address, name, bank account number and the like) from a communications terminal to a host computer connected to a network at every purchase of merchandise is adopted in the electronic shopping using a communications terminal.

[0003] And in LAN (Local Area Network) and the like, an authentication for determining whether the user is a right person to make an access or not is performed by setting an identifier such as IDs (Identification) or passwords and the like. In the case above, precluding unauthorized accesses made by a third party outside is essential for preventing information from being leaked outside. A proposal is made about countermeasures against the unauthorized access in, for example, JP-A-2000-10927.

[0004] In a system described in JP-A-2000-10927, a user's "PHS number", "password for an authentication device" and "remote connection ID" are registered in an authentication device in advance. And the authentication device certifies the "user's PHS number" and the "password for the authentication device" in response to a line connection from the user by inputting "telephone number + password for the authentication device". When there is a match, the authentication device sends messages to the user that a temporary password is issued with respect to the user's PHS terminal and that the user needs to wait having communications of his or her PHS terminal off for a time. Then the authentication device issues a temporary password with respect to the user and notifies the user of the issuance by indicating a character message on the user's PHS terminal. The user can receive network services by connecting a personal computer (PC) to a remote connecting device using the temporary password.

[0005] However, according to the conventional system, in the event that the authentication of a user is performed by inputting the user's credit card number or personal information, a third person may be authenticated under a fictitious credit card number and personal information and security problems can be caused. And the user has to be bothered by information inputting operations.

[0006] Further, according to JP-A-2000-10927, the user has to have a PHS terminal for obtaining the temporary password and is required to input the temporary password, which bothers the user.

[0007] It is therefore an object of the present invention to provide an authentication system capable of reducing costs for security measures while maintaining security without bothering users.

[0008] To solve the above-mentioned problems, the present invention provides an authentication system for determining the authenticity of a user on the occasion of providing said user with desirable services via a terminal connected to a communications circuit or a network, characterized in connecting an authentication server in which personal information for authentication is registered to the above-mentioned communications circuit or the above-mentioned network, sending a request for transmitting an individual ID added to the above-mentioned terminal from the above-mentioned authentication server in response to a connecting request from the above-mentioned terminal, and performing authentication according to pass/fail result of verifying the above-mentioned received ID.

[0009] According to the system, a database is formed by individual IDs added to each terminal and personal information on the server side in advance and authentication is performed based on a verification result of an ID sent from the terminal upon request from the server side when a user makes an access from the terminal. Therefore, inputting operation for authentication by the user becomes unnecessary, which can keep personal information from being revealed by a third party (can ensure security). And as the inputting operation is no longer required, users are not bothered. Further, as there is no need to issue the temporary passwords, reduction of costs for security measures becomes possible.

Fig. 1 is a block diagram for showing an authentication system of the present invention.
Fig. 2 is a block diagram for showing an embodiment of the authentication system according to the present invention.
Fig. 3 is a timing chart for showing an operation of the system shown in Fig. 2; and
Fig. 4 is a flowchart for showing processes in a shopping agent and an authentication server.

[0010] Hereinafter, preferred embodiments of the 
present invention are described more particularly based 
on the drawings. 

A first preferred embodiment 

[0011] Fig. 1 illustrates an authentication system of 
the present invention. 

[0012] A communications terminal 1 in which an individual ID 2 for each terminal is set is connected to an authentication server 3 via a communications network 6. In the authentication server 3, the ID 2 is registered in advance and personal information 4 associated with the ID 2 is stored further.

[0013] The ID 2 is an individual number consisting of a plurality of digits, or a combination of digits and letters and the like, added in the manufacturing process by a manufacturer (different from a product serial number), and it cannot be reset or changed by administrators and the like. And the ID 2 is fixed and cannot be reused by other communications terminals using the identical contents. Therefore, an ID offering a superior level of identification and safety can be obtained. The ID 2 is read out by an inputting device specially provided on the side of an administrator and stored in the authentication device 3 together with the personal information 4 in the event of, for example, joining electronic shopping.

[0014] Address, name, bank account number, credit information and the like are used as the personal information 4. A contractor 5 of a communication service performed by using the communications terminal 1 is identified by the personal information 4. As the ID 2 and the personal information 4 correspond to each other, the personal information 4 can be retrieved from ID 2.
[0015] A communications terminal providing a function of JAVA Virtual Machine is used as a communications terminal 1. JAVA Virtual Machine is a machine constructed by using JAVA which is a programming language developed by Sun Microsystems Cooperation in the United States and operates on OS (Operating System) such as Windows, Unix and the like. A portable phone, a simplified portable phone (PHS: Personal Handy-phone System), PDA (Personal Digital Assistant) device providing communication facility, a set top box (STB) and the like are applicable as the above-mentioned communications terminal 1 under a condition of providing individual ID 2 in manufacturing process as mentioned above.
[0016] In the composition of Fig. 1, the personal information 4 of the contractor 5 is registered in the authentication server 3 in advance. The contractor 5 calls up the authentication server 3 when the contractor 5 wants to connect the communications terminal 1 to the authentication server 3. In response to the call, the authentication server 3 requests transmission of the ID 2 from the communications terminal 1. The communications terminal 1 responds to the request from the authentication server 3 and sends the ID 2 to the authentication server 3. The authentication server 3 compares the obtained ID 2 to each of the IDs registered in the authentication server 3 to determine if there is a match. In the event there is a match, processes of the electronic shopping are executed using the personal information 4 corresponding to the matching ID 2.

[0017] Thus, the security of the personal information can be ensured by performing the authentication using the individual ID 2 set individually in the communications terminal 1, because there is no need to key-input the personal information from the communications terminal 1. Further, inputting the personal information is not required, which relieves the user of the bother.

A second preferred embodiment

[0018] As it has been mentioned above, the present invention performs the authentication uniquely using the ID provided in each communications terminal 1. Accordingly the system could possibly be abused by a third party in the event that the communications terminal 1 falls into another's hands by theft and the like. For this reason, an obligation of inputting a password is adopted in a second preferred embodiment. A password previously registered as one of the personal information is used here.

[0019] Fig. 2 illustrates an embodiment of the authentication system according to the present invention.

[0020] The present embodiment illustrates an example of a network system for performing the electronic shopping. Identical numerals quoted from Fig. 1 are put respectively on the portions having identical compositions and functions in Fig. 2. And a portable terminal 10 represented by a portable phone and a PHS is used as the communications terminal 1 shown in Fig. 1.
[0021] As mentioned above, the portable terminal 10 has the ID 2 individually added inside of the communications terminal and is positioned as a terminal of a subscriber (contractor) in the communications network 6. A contractor of the communications service using the portable terminal 10 is indicated as the contractor 5. And a shopping agent (agent) 8 connected to the authentication server 3 and a Web server 7 provided in each distributor are connected to the communications network 6. The authentication server 3 stores the personal information (address, name, bank account number, credit information and the like) 4 for authentication and functions as a kind of database. The shopping agent 8 starts up in response to a requirement for the electronic shopping and provides a function for autonomously executing various processes associated with the electronic shopping based on a knowledgebase contained therein.

[0022] Fig. 3 illustrates an operation of the system shown in Fig. 2. And Fig. 4 illustrates processes in the shopping agent and the authentication server. Referring to Figs. 3 and 4, an operation of the composition shown in Fig. 2 is described. Hereinafter "S" indicates a step in the drawings.

[0023] In the event of performing electronic shopping, the contractor 5 makes an access to the shopping agent 8 via the communications network 6 using the portable terminal 10 (S101, S201). The shopping agent 8 sends a request for ID 2 to the portable terminal 10 using a JAVA applet (a program written in the JAVA language that operates in a browser) in order to identify the portable terminal 10 (S102, S202). The portable terminal 10 transmits the ID 2 to the shopping agent 8 in response to the request (S103). After receiving the ID 2 (S203), the shopping agent 8 further transmits the ID 2 to the authentication server 3. The authentication server 3 authenticates the ID 2 in comparison with previously registered personal information 4 (S104, S204). In the event that the authentication is established (S205), the establishment of the authentication is notified to the Web server 7 (S105, S206).

[0024] In the event that the ID 2 is not transmitted in response to the request for transmission of ID 2 from the shopping agent 8 even after a predetermined length of time, and in the event that the authentication is not established, a process of rejecting the communications is executed (S106, S208).

[0025] When the authentication is established, the Web server 7 is connected with the portable terminal 10 (S108) via the communications network 6 and the shopping agent 8 (S107), and communications between the portable terminal 10 and the Web server 7 are executed (S109, S110). All the contractor 5 has to do is to follow the necessary procedure arranged with the Web server 7 so that the contractor 5 can purchase desirable products.
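The request, verify and reject flow of paragraphs [0023] to [0025], together with the password condition of the second embodiment, modelled as an added Python example that is not part of the patent text. The class names, the timeout value, the PBKDF2 password storage, the simulated reply delay and the sample record are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class Terminal:                       # communications terminal 1 / portable terminal 10
    terminal_id: str                  # ID 2, fixed at manufacture
    reply_delay_s: float = 0.1        # simulated time taken to answer the ID request

class AuthServer:                     # authentication server 3
    def __init__(self):
        self._db = {}                 # ID 2 -> (personal information 4, salt, password hash)

    def register(self, terminal_id, personal_info, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._db[terminal_id] = (personal_info, salt, digest)

    def authenticate(self, terminal_id, password=None, require_password=False):
        entry = self._db.get(terminal_id)   # S104/S204: compare with registered IDs
        if entry is None:
            return None
        info, salt, digest = entry
        if require_password:          # second embodiment: password is a further condition
            if password is None:
                return None
            candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
            if not hmac.compare_digest(candidate, digest):
                return None
        return info

class ShoppingAgent:                  # shopping agent 8
    def __init__(self, auth, id_timeout_s=5.0, require_password=False):
        self.auth = auth
        self.id_timeout_s = id_timeout_s
        self.require_password = require_password

    def handle_access(self, terminal, password=None):
        # S102/S202: request ID 2; S106/S208: reject if it does not arrive in time
        if terminal.reply_delay_s > self.id_timeout_s:
            return ("REJECTED", "ID not received within the predetermined time")
        info = self.auth.authenticate(terminal.terminal_id, password, self.require_password)
        if info is None:
            return ("REJECTED", "authentication not established")
        return ("CONNECTED", info)    # S105/S206: Web server 7 is notified

# Constructed sample record; the ID, name and password are made up.
AUTH = AuthServer()
AUTH.register("ID-0001-CONSTRUCTED", {"name": "Sample Contractor"}, "constructed-pw")
PHONE = Terminal("ID-0001-CONSTRUCTED")
```

With `require_password` left off (the first embodiment), holding the terminal is sufficient for `CONNECTED`, which is the theft case paragraph [0018] raises as the reason for the second embodiment.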

[0026] As it has been mentioned above, according to the embodiments of the present invention, key input of the personal information from the portable terminal 10 becomes unnecessary because of the authentication using individual ID 2 individually set in each portable terminal 10, and therefore, security of the personal information can be ensured. And there is no need to input personal information, thereby relieving bothers.

[0027] Further, not only a configuration wherein an ID is stored inside of the portable terminal 10 but also a composition wherein an IC card having ID 2 stored therein is installed in the portable terminal 10 can be accepted as the aspects of the ID 2 of the portable terminal 10.

[0028] The preferred embodiments mentioned above have been described in terms of electronic shopping. However, the present invention is not limited to the electronic shopping and is further adoptable for all kinds of communications dealing with the personal information (Internet on-line sale, electronic business transaction and the like) using the Internet and telephone lines and the like available for an indefinite number of people.

[0029] As described above, according to the authentication system of the present invention wherein a database is formed by IDs individually added to terminals and personal information on the server side, the server requests the terminal to transmit the ID when a user makes an access from the terminal and authentication is performed based on a result of verifying the ID, thereby avoiding input operation for authentication by the user. Accordingly, personal information can be protected from being revealed by a third party in result and security can be ensured. Additionally, users are not bothered by forced input operation. Further, there is no need to issue a temporary password, thereby reducing costs for security measures.



Claims 

1. An authentication system for determining the authenticity of a user on the occasion of providing said user with desirable services via a terminal connected to a communications circuit or a network, wherein an authentication server in which personal information for authentication is registered is connected to said communications circuit or said network, and said server makes a request to said terminal for an ID individually added to said terminal to be transmitted upon connection request from said terminal so that the authentication is performed according to the pass/fail result of verification of said transmitted ID.

2. An authentication system as claimed in claim 1, wherein said individual ID is set and stored in manufacturing process of said terminal.

3. A system as claimed in claim 1 or 2, wherein said terminal represents a portable phone, a simplified portable phone (PHS), a PDA (Personal Digital Assistant) terminal, or a set top box.

4. A system as claimed in claim 1, 2 or 3, wherein said individual ID is provided in an IC card removable from said terminal.

5. A system as claimed in claim 1, 2, 3 or 4, wherein an input of a password from said terminal is one of conditions of authentication performed by said authentication server.

6. A system as claimed in claim 1, 2, 3, 4 or 5, wherein said authentication server is connected to an agent taking charge of processes of receiving an access from said terminal, requesting said terminal to transmit said individual ID, and communicating with a Web server.

7. An authentication system as claimed in claim 6, wherein said agent is a shopping agent for executing electronic shopping and said Web server is provided in distributors.
